PT-2007-2180 · Apple · Macos X+1

Publicado

2007-04-24

Atualizado

2011-03-08

CVE-2007-0729

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.3.9 through 10.4.9

Description The issue concerns the Apple File Protocol (AFP) Client, which does not properly clean the environment before executing commands. This allows local users to gain privileges by setting unspecified environment variables.

Recommendations For versions 10.3.9 through 10.4.9, consider restricting the execution of commands by the AFP Client until a fix is available, and avoid setting sensitive environment variables that could be exploited.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2007-0729

Produtos afetados

Apple File Protocol (Afp) Client

Macos X

PT-2007-2180 · Apple · Macos X+1

CVE-2007-0729

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10